Identity & Privacy Protection



Identity & Privacy Protection: An Essential Component for a Federated Access Ecosystem
Dan Turissini, CTO, WidePoint Corporation
turissd@orc.com, 703 246 8550

CyberSecurity
"One of the most serious economic & national security threats our nation faces." -- President Obama
Issues at hand: cost-effectively prevent cyber-terrorism and cyber-crime, and defend our nation's critical infrastructure:
- Reduce the risk of unauthorized disclosure of proprietary and privacy information
- Share timely information securely with remote workers, vendors, partners and customers
- Ensure the accountability of all cyber-transactions
- Avoid unnecessary costs arising from system silos
Slide footer: Prevent Terrorism & Promote National Security; Prevent Cybercrime and Identity Theft, Promote Efficient Use of Technology; Defend Critical Infrastructure from Invasive Attack & Information Theft

CyberApproach
A standards-based Cyber Identity Enabling Infrastructure (CIEI)* for electronic authentication, validation and access control:
- Identity Management: create and maintain an identity, including discrete attributes, with centralized administration and self-service of user accounts
- E-Authentication: provide repositories for identity, network and/or resource profiles, and security services that enable identification, validation and support for authorization
- Access Management: provide authorization, audit and session management functions to define individual access rights for business partners, suppliers, customers or employees
- Provisioning & Workflow: implement business policies to support greater automation for devices such as identity tokens, credit cards, cell phones and PCs
* Driven in the Federal Government by OMB M-11-11 and by commercial cloud-based initiatives

Federated Identity Solution
Federated identity provides a strong, biometrically enabled electronic identity credential that can be readily validated electronically by any Federal logical or physical access point, so that the decision maker (or database) can make a local, resource-specific privilege or access decision, confident in:
- the identity of the person attempting access;
- the identity of the device attempting access;
- the identity of the vetted organization that they represent;
- that the organization and the individual have a legal relationship; and
- that the individual has been vetted in person, consistent with defined assurance levels.
The credential assures you are who you say you are; the Relying Party decides what the holder is permitted to access. Authentication and authorization stay separate: the issuer vouches for identity, the resource owner keeps the access decision.

System of Systems
A common understanding and governance model is required to ensure interoperability and collapse silos.

Federated Trust: The Trust Triangle (diagram)
- Trusted Third Parties
- Relying Parties (Federal, State & Local Government, Businesses & Individuals)
- Subscribers (End-Entities)

Robust Validation Infrastructure (diagram)
- Validation Service (Site 1) through Validation Service (Site N), with alternative validation paths (OCSP) between sites
- CRL update path (ldap/ldaps, http/https) fed by 50+ compliant CRLs and 20+ compliant PKI directories
- Application servers and clients/workstations, inside and/or outside the LAN, query the service over https
- OCSP Repeater
The point of running several validation sites and an OCSP path beside the CRL feed is that a relying party is never forced to choose between a stale CRL and making an access decision; when one path is unavailable or out of date, another can still answer.

Strong Audit Processes: a consistent certification process
- Initiation: preparation; notification and resource identification; system security baseline analysis, update and acceptance
- Security Certification: security controls assessment; security certification documentation
- Security Accreditation: security accreditation decision; security accreditation documentation
- Continuous Monitoring: configuration management and control; security controls monitoring; status reporting and documentation

Alternative Tokens
- CAC / PIV / PIV-I
- Embedded or removable hardware crypto (FIPS 140 / Common Criteria validated): SD/microSD, USB, Trusted Platform Module (TPM), SIM
CAC = DoD Common Access Card; PIV = U.S. Personal Identity Verification; PIV-I = PIV-Interoperable (non-Federal issuer equivalent)

Device as an Identity Token
- Removable hardware crypto: SD/microSD, USB, SIM
- Embedded hardware crypto token

Enhanced Logical Access Control (diagram)
Components: Remote Client/WS, Border Server (SSL VPN), Application Server (https), Validation Data, FDS
1. Initial enterprise logon from the remote client/workstation to the border server
2. Validate the device certificate against validation data
3. Authenticated SSL VPN established
4. Initiate application logon
5. Validate the ID certificate against validation data
6. Access attributes (FDS)
Two certificates are validated at two different points: the device's before the tunnel is built, and the user's before the application consults attributes. A valid user credential on an unenrolled device fails at step 2; an enrolled device without a valid user credential fails at step 5.
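The validation service sketched two slides up and the six-step logon flow above are easiest to see in code. The Go program below is an added example written for this page; it is not WidePoint's CIEI product or any code from the deck. It assumes a two-tier PKI (one CA, a device certificate, ID certificates for "alice" and "bob", and a CRL revoking bob) constructed in memory with the standard crypto/x509 package, skips the TLS and LDAP/HTTP transport, and stands in the "validation data" with a cached CRL. All names (Validator, AccessDecision, NewFixture, "Example Federated CA", "payroll:read") are hypothetical. It shows the decision a border server and an application server each make, and that a missing or stale CRL must fail closed or fall back to the alternative (OCSP) path rather than be treated as "not revoked".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Outcomes a relying party must tell apart. A stale or missing CRL means "try the
// alternative validation path (OCSP) or fail closed", never "assume good".
var ErrRevoked = errors.New("certificate is revoked")
var ErrNoFreshCRL = errors.New("no fresh CRL for issuer; use the alternative validation path or fail closed")

// Validator stands in for the deck's validation service: trusted roots plus a cache of issuer CRLs.
type Validator struct {
	Roots *x509.CertPool
	CRLs  map[string]*x509.RevocationList // keyed by issuer distinguished name
	At    time.Time                       // evaluation time, injectable for tests
}

// Validate builds a path to a trusted root, then checks the issuer's CRL for freshness, signature and this serial.
func (v *Validator) Validate(cert *x509.Certificate) error {
	chains, err := cert.Verify(x509.VerifyOptions{Roots: v.Roots, CurrentTime: v.At,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return fmt.Errorf("path validation: %w", err)
	}
	issuer := chains[0][1] // the CA that signed the leaf
	crl := v.CRLs[issuer.Subject.String()]
	if crl == nil || v.At.After(crl.NextUpdate) {
		return ErrNoFreshCRL
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil { // an unsigned CRL is an attacker's CRL
		return fmt.Errorf("crl signature: %w", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return ErrRevoked
		}
	}
	return nil
}

// AccessDecision follows the deck's six steps: the border server validates the device certificate (1-3),
// the application server validates the ID certificate (4-5) and only then consults the holder's attributes (6).
func AccessDecision(v *Validator, device, id *x509.Certificate, attrs map[string]map[string]bool, need string) (bool, error) {
	if err := v.Validate(device); err != nil {
		return false, fmt.Errorf("border server, device cert: %w", err)
	}
	if err := v.Validate(id); err != nil {
		return false, fmt.Errorf("application server, id cert: %w", err)
	}
	return attrs[id.Subject.CommonName][need], nil // false here means authenticated but not authorized
}

// must panics on err: fine while building a fixture, never on a request path.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// issue signs tmpl with parent (self-signed when parent is nil) and returns the parsed cert and its key.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// NewFixture builds a constructed two-tier PKI: one CA, a device cert, ID certs for "alice" and "bob" (revoked), and a toy attribute store.
func NewFixture(now time.Time) (v *Validator, device, alice, bob *x509.Certificate, attrs map[string]map[string]bool) {
	leaf := func(serial int64, cn string) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
			KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	}
	ca, caKey := issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Federated CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(10 * 365 * 24 * time.Hour), BasicConstraintsValid: true, IsCA: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}, nil, nil)
	device, _ = issue(leaf(100, "laptop-0042"), ca, caKey)
	alice, _ = issue(leaf(101, "alice"), ca, caKey)
	bob, _ = issue(leaf(102, "bob"), ca, caKey)
	crlDER := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(7),
		ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: bob.SerialNumber, RevocationTime: now}}}, ca, caKey))
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	v = &Validator{Roots: roots, At: now, CRLs: map[string]*x509.RevocationList{ca.Subject.String(): must(x509.ParseRevocationList(crlDER))}}
	return v, device, alice, bob, map[string]map[string]bool{"alice": {"payroll:read": true}, "bob": {"payroll:read": true}}
}

func main() {
	v, device, alice, _, attrs := NewFixture(time.Now())
	fmt.Println(AccessDecision(v, device, alice, attrs, "payroll:read")) // true <nil>
}
```

In a deployment the CRLs map is what the slide's CRL update path (ldap/ldaps, http/https) keeps filled, and the ErrNoFreshCRL branch is where a validation site would turn to its OCSP path before refusing the request. The revocation check deliberately runs after chain building, because the CRL to consult is the one signed by the issuer the chain establishes, not one named by the untrusted certificate.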

Current Markets
Fueled by government mandate for increased assurance levels; government security standards will be driven across the business continuum:
- Government-mandated regulations
- Government contracting ecosystem
- Enterprise marketplace
- End-user applications
- Mass markets
Scale: millions of users, servers, workstations and handheld devices; tens of millions of users, servers, workstations and handheld devices; global interoperability and unlimited computer resources.

Critical Infrastructure Protection: breaking down silos
- Citizen privacy information
- Energy grid
- First responders
- Financial systems
- Military secrets
- Federal Government
- Healthcare / HIPAA
- Veterans benefits
- Transportation systems
- Retirees and dependents
- Trading partners and allies
- Sarbanes-Oxley

Can Dramatically Reduce COGS
- Federated digital signature solution
- Chain of trust
- Privacy
- Reduces high help-desk costs
- Mitigates risks associated with usernames and passwords
- Enhances fraud protection
- Syndicated investment, syndicated risk
- Federally certified and accredited products and services
- Interoperability

Summary
- Enhanced security: a new customer motivator
- Reduced infrastructure support costs
- Minimal investment, immediate ROI payback

Contact Information
Dan Turissini, CTO, WidePoint Corporation
turissd@orc.com, 703 246 8550
Questions?